[CentOS] djbdns under CentOS7: startup and socket issues

James Hogarth james.hogarth at gmail.com
Fri Oct 17 22:49:49 UTC 2014


On 17 Oct 2014 23:32, "Boris Epstein" <borepstein at gmail.com> wrote:
>
> Hello all,
>
> I am trying to get djbdns ( http://en.wikipedia.org/wiki/Djbdns ) running
> on CentOS 7. So far I have written the djbdns.service and djbdns.socket
> files. The sockets (TCP and UDP 53) for some reason would not start and I
> don't know how to debug that;

I was under the impression it used daemontools and listened directly on the
ports rather than an inetd style behaviour of being triggered and having
the connection handed to it like socket based behaviour would require... It
seems unlikely you'd need a socket unit.

> the service does start but only when I start
> it manually by running
>
> systemctl start djbdns
>

This strongly indicates you don't need the socket as socket based services
are not started by calling start on their service file.

You will need to add a WantedBy multi-user.target to the [Install] part of
that service file and then call systemctl enable djbdns.

> So, I am a real noob when it comes to systemd, hence any advice on how to
> proceed will be much appreciated.
>

I'd ask why you want to use djbdns rather than the DNS server provided by
the CentOS distribution. If security is your concern then SELinux confined
bind (in a chroot as well if you like) is supported directly by the
distribution packages so you can be sure of updates and this list plus the
IRC channel can support that - unlike your custom compiled djbdns.

If you wanted to be extremely paranoid you could configure the systemd unit
for BIND to hide all but a select number of directories too... Which is
technically more powerful than the chroot as it makes use of kernel
namespaces.
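
An added example, not part of the original message: a drop-in for the distribution's named.service that hides directories from BIND using the mount-namespace options referred to above. The drop-in path and the directory lists are assumptions to adapt and test; the directive names are those used by the systemd in CentOS 7 (later systemd versions call them InaccessiblePaths= and ReadOnlyPaths=).

```ini
# /etc/systemd/system/named.service.d/hide-dirs.conf  (assumed drop-in path)
# Apply with: systemctl daemon-reload && systemctl restart named

[Service]
# Directories made inaccessible inside the service's private mount namespace.
# Assumed list: BIND has no need for user data, boot files or removable media.
InaccessibleDirectories=/home /root /boot /media /mnt /srv

# Visible to the service but mounted read-only.
# /var/named and /run/named are deliberately not listed here, on the
# assumption that named writes zone data and its PID file under them.
ReadOnlyDirectories=/etc /usr

# Private /tmp and /var/tmp, not shared with other processes on the host.
PrivateTmp=true
```

If named fails to start after the change, `systemctl status named` and `journalctl -u named` show which path it was denied.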
